You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2007/10/26 17:49:50 UTC

[jira] Closed: (GERONIMO-3111) pluggable Password Encryption mechanism for Apache Geronimo.

     [ https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-3111.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.2
                   2.1
         Assignee: David Jencks

Fixed in GERONIMO-2925.

> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3111
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3111
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
>         Environment: All platforms & JDKs
>            Reporter: Phani Balaji Madgula
>            Assignee: David Jencks
>             Fix For: 2.1, 2.0.2
>
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1. 
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes 
> admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option). 
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs. 
> But, having the above feature in the server will eliminate the need for the same.
> Thanks 
> Phani
> Your comments on this issue are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.